Add support for session mode

Author: waahm7

Diff for: source/s3_request_messages.c

@@ -27,6 +27,7 @@ const struct aws_byte_cursor g_s3_create_multipart_upload_excluded_headers[] = {
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-checksum-sha1"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-checksum-sha256"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("if-none-match"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const size_t g_s3_create_multipart_upload_excluded_headers_count =
@@ -62,6 +63,7 @@ const struct aws_byte_cursor g_s3_upload_part_excluded_headers[] = {
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-checksum-sha1"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-checksum-sha256"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("if-none-match"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const size_t g_s3_upload_part_excluded_headers_count = AWS_ARRAY_SIZE(g_s3_upload_part_excluded_headers);
@@ -96,6 +98,7 @@ const struct aws_byte_cursor g_s3_complete_multipart_upload_excluded_headers[] =
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source-range"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-mp-object-size"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const size_t g_s3_complete_multipart_upload_excluded_headers_count =
@@ -131,6 +134,7 @@ const struct aws_byte_cursor g_s3_complete_multipart_upload_with_checksum_exclud
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source-range"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-sdk-checksum-algorithm"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-mp-object-size"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const struct aws_byte_cursor g_s3_list_parts_excluded_headers[] = {
@@ -162,6 +166,7 @@ const struct aws_byte_cursor g_s3_list_parts_excluded_headers[] = {
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-object-lock-legal-hold"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source-range"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const size_t g_s3_list_parts_excluded_headers_count = AWS_ARRAY_SIZE(g_s3_list_parts_excluded_headers);
@@ -192,6 +197,7 @@ const struct aws_byte_cursor g_s3_list_parts_with_checksum_excluded_headers[] =
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-object-lock-legal-hold"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source-range"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const size_t g_s3_list_parts_with_checksum_excluded_headers_count =
@@ -227,9 +233,11 @@ const struct aws_byte_cursor g_s3_abort_multipart_upload_excluded_headers[] = {
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-copy-source-range"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("if-none-match"),
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
 };
 
 const struct aws_byte_cursor g_s3_create_session_allowed_headers[] = {
+    AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-create-session-mode"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption-aws-kms-key-id"),
     AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("x-amz-server-side-encryption-context"),

Diff for: source/s3express_credentials_provider.c

@@ -486,14 +486,14 @@ struct aws_string *aws_encode_s3express_hash_key_new(
     struct aws_byte_cursor host_value,
     struct aws_http_headers *headers) {
 
-    struct aws_byte_buf combined_hash_buf;
+    struct aws_byte_buf combined_buf;
 
     /* 1. Combine access_key and secret_access_key into one buffer */
     struct aws_byte_cursor access_key = aws_credentials_get_access_key_id(original_credentials);
     struct aws_byte_cursor secret_access_key = aws_credentials_get_secret_access_key(original_credentials);
-    aws_byte_buf_init(&combined_hash_buf, allocator, access_key.len + secret_access_key.len);
-    aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, access_key);
-    aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, secret_access_key);
+    aws_byte_buf_init(&combined_buf, allocator, access_key.len + secret_access_key.len);
+    aws_byte_buf_write_from_whole_cursor(&combined_buf, access_key);
+    aws_byte_buf_write_from_whole_cursor(&combined_buf, secret_access_key);
 
     /* Write the allowed headers into hash */
     if (headers != NULL) {
@@ -503,19 +503,19 @@ struct aws_string *aws_encode_s3express_hash_key_new(
             struct aws_byte_cursor header_name = g_s3_create_session_allowed_headers[header_index];
             struct aws_byte_cursor header_value;
             if (aws_http_headers_get(headers, header_name, &header_value) == AWS_OP_SUCCESS && header_value.len > 0) {
-                aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, comma);
-                aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, header_name);
-                aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, collon);
-                aws_byte_buf_write_from_whole_cursor(&combined_hash_buf, header_value);
+                aws_byte_buf_append_dynamic(&combined_buf, &comma);
+                aws_byte_buf_append_dynamic(&combined_buf, &header_name);
+                aws_byte_buf_append_dynamic(&combined_buf, &collon);
+                aws_byte_buf_append_dynamic(&combined_buf, &header_value);
             }
         }
     }
 
     /* 2. Get sha256 digest from the combined key */
-    struct aws_byte_cursor combine_key = aws_byte_cursor_from_buf(&combined_hash_buf);
+    struct aws_byte_cursor combined_cursor = aws_byte_cursor_from_buf(&combined_buf);
     struct aws_byte_buf digest_buf;
     aws_byte_buf_init(&digest_buf, allocator, AWS_SHA256_LEN);
-    aws_sha256_compute(allocator, &combine_key, &digest_buf, 0);
+    aws_sha256_compute(allocator, &combined_cursor, &digest_buf, 0);
 
     /* 3. Encode the result to be [host_value][hash_of_credentials] */
     struct aws_byte_buf result_buffer;
@@ -526,7 +526,7 @@ struct aws_string *aws_encode_s3express_hash_key_new(
 
     /* Clean up */
     aws_byte_buf_clean_up(&result_buffer);
-    aws_byte_buf_clean_up(&combined_hash_buf);
+    aws_byte_buf_clean_up(&combined_buf);
     aws_byte_buf_clean_up(&digest_buf);
 
     return result;

Diff for: tests/s3_s3express_client_test.c

@@ -717,14 +717,16 @@ TEST_CASE(s3express_client_copy_object_multipart) {
 }
 
 /**
- * Test hash of the express cache key 
+ * Test hash of the express cache key
  */
 TEST_CASE(s3express_hash_key_test) {
     (void)ctx;
 
     struct aws_string *access_key = aws_string_new_from_c_str(allocator, "AccessKey");
     struct aws_string *secret_access_key = aws_string_new_from_c_str(allocator, "SecretAccessKey");
     struct aws_http_headers *headers = aws_http_headers_new(allocator);
+    aws_http_headers_add(
+        headers, aws_byte_cursor_from_c_str("x-amz-create-session-mode"), aws_byte_cursor_from_c_str("ReadOnly"));
     aws_http_headers_add(
         headers, aws_byte_cursor_from_c_str("x-amz-server-side-encryption"), aws_byte_cursor_from_c_str("aws:kms"));
     aws_http_headers_add(
@@ -740,20 +742,22 @@ TEST_CASE(s3express_hash_key_test) {
         aws_byte_cursor_from_c_str("x-amz-server-side-encryption-bucket-key-enabled"),
         aws_byte_cursor_from_c_str("true"));
     aws_http_headers_add(
-        headers, aws_byte_cursor_from_c_str("header-not-allowed"), aws_byte_cursor_from_c_str("should-be-ignored"));
+        headers,
+        aws_byte_cursor_from_c_str("header-not-in-allow-list"),
+        aws_byte_cursor_from_c_str("should-be-ignored"));
 
     struct aws_credentials *creds =
         aws_credentials_new_from_string(allocator, access_key, secret_access_key, NULL, UINT64_MAX);
 
     struct aws_string *hash_key =
-        aws_encode_s3express_hash_key_new(allocator, creds, aws_byte_cursor_from_c_str("host"), headers);
+        aws_encode_s3express_hash_key_new(allocator, creds, aws_byte_cursor_from_c_str(""), headers);
     struct aws_byte_cursor hash_cursor = aws_byte_cursor_from_string(hash_key);
 
     struct aws_byte_buf encoded_buf;
-    aws_byte_buf_init(&encoded_buf, allocator, 100);
+    aws_byte_buf_init(&encoded_buf, allocator, 200);
     aws_hex_encode_append_dynamic(&hash_cursor, &encoded_buf);
 
-    char *expected_encoded_key = "686f737498ae6a365790707488b3e85402c9eddf422dc39f096e15eaba0d7cdd45f57ad2";
+    char *expected_encoded_key = "cabfefee4365e075646ba8928ed9f757481d1062ffcb0a3afe5b9c428dd45800";
     ASSERT_BIN_ARRAYS_EQUALS(expected_encoded_key, strlen(expected_encoded_key), encoded_buf.buffer, encoded_buf.len);
 
     aws_byte_buf_clean_up(&encoded_buf);